Fast session resumption segfault

Phil Mayers p.mayers at imperial.ac.uk
Thu Oct 20 15:51:32 CEST 2011


On 10/20/2011 01:25 PM, Alan DeKok wrote:
> Phil Mayers wrote:
>> Oops; I applied the patch in c145c7dabbd48 to my 2.1.12 servers, and
>> last night we had a segfault after running fine for several hours. I
>> restarted under GDB and caught a backtrace:
>>
>> #0  paircopyvp (vp=0x101010101010101) at valuepair.c:327
>
>    That's not a real pointer...
>
>    I've pushed a "fix".  It sets the cached VP pointer to NULL when it
> gets deleted.  That may help...
>
>    Otherwise, it's an OpenSSL bug for it to return an invalid pointer.

I'm looking at the code for handling SSL sessions, and I'm not sure it's 
right with regard to reference counting.

I'm comparing it with the code in mod_ssl, which I'm assuming is 
definitely right; in their "delete" callback, they don't call 
SSL_SESSION_free(). They also return "0" from their "new" callback, 
indicating as they say:

     /*
      * return 0 which means to OpenSSL that the pNew is still
      * valid and was not freed by us with SSL_SESSION_free().
      */
     return 0;

Are we sure the session code is doing the right things?

Of course, the crappy OpenSSL API is really, really badly documented so 
it's hard to be sure...
>
>    Alan DeKok.